<!doctype html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<title></title>
	<link rel="stylesheet" type="text/css" href="http://paranoid.net.cn/semantic.css" >
</head>
<body>
<section-title-en>3.4 Physical Attacks</section-title-en>
<section-title-ch>3.4 物理攻击</section-title-ch>
<p-en>
	Physical attacks are generally classified according to their cost, which factors in the equipment needed to carry out the attack and the attack's complexity. Joe Grand's DefCon presentation [69] provides a good overview with a large number of intuition-building figures and photos.
</p-en>
<p-ch>
	物理攻击一般是根据其成本来分类的，其中包括实施攻击所需的设备和攻击的复杂性。Joe Grand的DefCon演讲[69]提供了一个很好的概述，并提供了大量直观的数字和照片。
</p-ch>
<p-en>
	The simplest type of physical attack is a denial of service attack performed by disconnecting the victim computer's power supply or network cable. The threat models of most secure architectures ignore this attack, because denial of service can also be achieved by software attacks that compromise system software such as the hypervisor.
</p-en>
<p-ch>
	最简单的物理攻击类型是通过断开受害者计算机的电源或网络电缆进行的拒绝服务攻击。大多数安全架构的威胁模型忽略了这种攻击，因为拒绝服务也可以通过破坏系统软件（如管理程序）的软件攻击来实现。
</p-ch>
<section-title-en>3.4.1 Port Attacks</section-title-en>
<section-title-ch>3.4.1 端口攻击</section-title-ch>
<p-en>
	Slightly more involved attacks rely on connecting a device to an existing port on the victim computer's case or motherboard (§2.9.1). A simple example is a cold boot attack, where the attacker plugs in a USB flash drive into the victim's case and causes the computer to boot from the flash drive, whose malicious system software receives unrestricted access to the computer's peripherals.
</p-en>
<p-ch>
	稍微复杂一点的攻击依赖于将设备连接到受害者计算机的机箱或主板上的现有端口（§2.9.1）。一个简单的例子是冷启动攻击，攻击者将一个USB闪存驱动器插入受害者的机箱，并使计算机从闪存驱动器启动，其恶意系统软件可以不受限制地访问计算机的外围设备。
</p-ch>
<p-en>
	More expensive physical attacks that still require relatively little effort target the debug ports of various peripherals. The cost of these attacks is generally dominated by the expense of acquiring the development kits needed to connect to the debug ports. For example, recent Intel processors include the Generic Debug eXternal Connection (GDXC) [126, 199], which collects and filters the data transferred by the uncore's ring bus (§2.11.3), and reports it to an external debugger.
</p-en>
<p-ch>
	更昂贵的物理攻击，仍然需要相对较少的努力，目标是各种外围设备的调试端口。这些攻击的成本一般由获取连接到调试端口所需的开发套件的费用所主导。例如，最近的英特尔处理器包括通用调试外部连接(GDXC)[126，199]，它收集和过滤由非核心的环形总线(§2.11.3)传输的数据，并将其报告给外部调试器。
</p-ch>
<p-en>
	The threat models of secure architectures generally ignore debug port attacks, under the assumption that devices sold for general consumption have their debug ports irreversibly disabled. In practice, manufacturers have strong incentives to preserve debugging ports in production hardware, as this facilitates the diagnosis and repair of defective units. Due to insufficient documentation on this topic, we ignore the possibility of GDXC-based attacks.
</p-en>
<p-ch>
	安全架构的威胁模型通常忽略调试端口攻击，其假设是，出售给一般消费者的设备的调试端口不可逆转地被禁用。在实践中，制造商有强烈的动机在生产硬件中保留调试端口，因为这有利于诊断和修复有缺陷的设备。由于这方面的文献不足，我们忽略了基于GDXC攻击的可能性。
</p-ch>
<section-title-en>3.4.2 Bus Tapping Attacks</section-title-en>
<section-title-ch>3.4.2 总线窃听攻击</section-title-ch>
<p-en>
	More complex physical attacks consist of installing a device that taps a bus on the computer's motherboard (§2.9.1). Passive attacks are limited to monitoring the bus traffic, whereas active attacks can modify the traffic, or even place new commands on the bus. Replay attacks are a notoriously challenging class of active attacks, where the attacker first records the bus traffic, and then selectively replays a subset of the traffic. Replay attacks bypass systems that rely on static signatures or HMACs, and generally aim to double-spend a limited resource.
</p-en>
<p-ch>
	更复杂的物理攻击包括在计算机的主板上安装一个窃听总线的设备（§2.9.1）。被动攻击仅限于监视总线流量，而主动攻击则可以修改流量，甚至在总线上放置新的命令。重放攻击是一类臭名昭著的具有挑战性的主动攻击，攻击者首先记录总线流量，然后有选择地重放流量的一个子集。重放攻击绕过了依赖静态签名或HMAC的系统，一般目的是双重花费有限的资源。
</p-ch>
<p-en>
	The cost of bus tapping attacks is generally dominated by the cost of the equipment used to tap the bus, which increases with bus speed and complexity. For example, the flash chip that stores the computer's firmware is connected to the PCH via an SPI bus (§2.9.1), which is simpler and much slower than the DDR bus connecting DRAM to the CPU. Consequently, tapping the SPI bus is much cheaper than tapping the DDR bus. For this reason, systems whose security relies on a cryptographic hash of the firmware will first copy the firmware into DRAM, hash the DRAM copy of the firmware, and then execute the firmware from DRAM.
</p-en>
<p-ch>
	总线窃听攻击的成本一般以用于窃听总线的设备的成本为主，随着总线速度和复杂程度的增加，成本也会增加。例如，存储计算机固件的闪存芯片是通过SPI总线(§2.9.1)与PCH连接的，它比连接DRAM与CPU的DDR总线简单，速度也慢得多。因此，攻克SPI总线比攻克DDR总线要便宜得多。因此，安全性依赖于固件的加密哈希的系统会先将固件复制到DRAM中，对DRAM中的固件副本进行哈希，然后再从DRAM中执行固件。
</p-ch>
<p-en>
	Although the speed of the DDR bus makes tapping very difficult, there are well-publicized records of successful attempts. The original Xbox console's booting process was reverse-engineered, thanks to a passive tap on the DRAM bus [82], which showed that the firmware used to boot the console was partially stored in its southbridge. The protection mechanisms of the PlayStation 3 hypervisor were subverted by an active tap on its memory bus [81] that targeted the hypervisor's page tables.
</p-en>
<p-ch>
	虽然DDR总线的速度使窃听变得非常困难，但也有广为人知的成功尝试记录。最初的Xbox游戏机的启动过程被逆向设计，这要归功于对DRAM总线的被动窃听[82]，这表明用于启动游戏机的固件部分存储在其南桥中。PlayStation 3管理程序的保护机制被主动窃听其内存总线[81]所颠覆，其目标是管理程序的页表。
</p-ch>
<p-en>
	The Ascend secure processor (§4.10) shows that concealing the addresses of the DRAM cells accessed by a program is orders of magnitude more expensive than protecting the memory's contents. Therefore, we are interested in analyzing attacks that tap the DRAM bus, but only use the information on the address lines. These attacks use the same equipment as normal DRAM bus tapping attacks, but require a significantly more involved analysis to learn useful information. One of the difficulties of such attacks is that the memory addresses observed on the DRAM bus are generally very different from the application's memory access patterns, because of the extensive cache hierarchies in modern processors (§2.11).
</p-en>
<p-ch>
	Ascend安全处理器(§4.10)表明，隐藏程序访问的DRAM单元的地址比保护存储器的内容要贵上几个数量级。因此，我们有兴趣分析那些窃听DRAM总线，但只使用地址线信息的攻击。这些攻击与普通的DRAM总线窃听攻击使用相同的设备，但需要明显更多的分析来学习有用的信息。这类攻击的困难之一是，由于现代处理器中广泛的缓存层次结构，在DRAM总线上观察到的内存地址通常与应用程序的内存访问模式有很大的不同（§2.11）。
</p-ch>
<p-en>
	We are not aware of any successful attack based on tapping the address lines of a DRAM bus and analyzing the sequence of memory addresses.
</p-en>
<p-ch>
	我们不知道有任何基于窃听DRAM总线的地址线并分析内存地址序列的成功攻击。
</p-ch>
<section-title-en>3.4.3 Chip Attacks</section-title-en>
<section-title-ch>3.4.3 芯片攻击</section-title-ch>
<p-en>
	The most equipment-intensive physical attacks involve removing a chip's packaging and directly interacting with its electrical circuits. These attacks generally take advantage of equipment and techniques that were originally developed to diagnose design and manufacturing defects in chips. [22] covers these techniques in depth.
</p-en>
<p-ch>
	设备最密集的物理攻击涉及到拆除芯片的包装，并直接与其电路互动。这些攻击一般利用最初为诊断芯片的设计和制造缺陷而开发的设备和技术。22]深入介绍了这些技术。
</p-ch>
<p-en>
	The cost of chip attacks is dominated by the required equipment, although the reverse-engineering involved is also non-trivial. This cost grows very rapidly as the circuit components shrink. At the time of this writing, the latest Intel CPUs have a 14nm feature size, which requires ion beam microscopy.
</p-en>
<p-ch>
	芯片攻击的成本以所需设备为主，尽管涉及的逆向工程也是非同小可的。随着电路元件的缩小，这种成本增长非常迅速。在撰写本文时，最新的英特尔CPU的特征尺寸为14纳米，这需要离子束显微镜。
</p-ch>
<p-en>
	The least expensive classes of chip attacks are destructive, and only require imaging the chip's circuitry. These attacks rely on a microscope capable of capturing the necessary details in each layer, and equipment for mechanically removing each layer and exposing the layer below it to the microscope.
</p-en>
<p-ch>
	成本最低的一类芯片攻击是破坏性的，只需要对芯片的电路进行成像。这些攻击依靠的是能够捕捉每一层中必要细节的显微镜，以及机械地去除每一层并将其下面的一层暴露在显微镜下的设备。
</p-ch>
<p-en>
	Imaging attacks generally target global secrets shared by all the chips in a family, such as ROM masks that store global encryption keys or secret boot code. They are also used to reverse-engineer undocumented functionality, such as debugging backdoors. E-fuses and polyfuses are particularly vulnerable to imaging attacks, because of their relatively large sizes.
</p-en>
<p-ch>
	成像攻击一般针对一个系列中所有芯片共享的全局性秘密，如存储全局性加密密钥或秘密启动代码的ROM掩码。它们还被用来反向工程未记录的功能，如调试后门。E引信和多引信由于体积相对较大，特别容易受到成像攻击。
</p-ch>
<p-en>
	Non-destructive passive chip attacks require measuring the voltages across a module at specific times, while the chip is operating. These attacks are orders of magnitude more expensive than imaging attacks, because the attacker must maintain the integrity of the chip's circuitry, and therefore cannot de-layer the chip.
</p-en>
<p-ch>
	非破坏性的被动芯片攻击需要在芯片工作的特定时间测量模块上的电压。这些攻击比成像攻击的成本要高几个数量级，因为攻击者必须保持芯片电路的完整性，因此不能对芯片进行去层。
</p-ch>
<p-en>
	The simplest active attacks on a chip create or destroy an electric connection between two components. For example, the debugging functionality in many chips is disabled by “blowing” an e-fuse. Once this e-fuse is located, an attacker can reconnect its two ends, effectively undoing the “blowing” operation. More expensive attacks involve changing voltages across a component as the chip is operating, and are typically used to reverseengineer complex circuits.
</p-en>
<p-ch>
	对芯片的最简单的主动攻击是在两个元件之间建立或破坏电连接。例如，许多芯片中的调试功能是通过"炸毁"电子保险丝来禁止的。一旦找到这个电子保险丝，攻击者就可以重新连接它的两端，有效地解除"炸毁"操作。更昂贵的攻击涉及到在芯片工作时改变元件上的电压，通常用于对复杂的电路进行逆向工程。
</p-ch>
<p-en>
	Surprisingly, active attacks are not significantly more expensive to carry out than passive non-destructive attacks. This is because the tools used to measure the voltage across specific components are not very different from the tools that can tamper with the chip's electric circuits. Therefore, once an attacker develops a process for accessing a module without destroying the chip's circuitry, the attacker can use the same process for both passive and active attacks.
</p-en>
<p-ch>
	令人惊讶的是，主动攻击的成本并不比被动的非破坏性攻击高很多。这是因为用于测量特定元件上的电压的工具与能够篡改芯片电路的工具并无太大区别。因此，一旦攻击者开发出一种在不破坏芯片电路的情况下进入模块的程序，攻击者就可以使用同样的程序进行被动和主动攻击。
</p-ch>
<p-en>
	At the architectural level, we cannot address physical attacks against the CPU's chip package. Active attacks on the CPU change the computer's execution semantics, leaving us without any hardware that can be trusted to make security decisions. Passive attacks can read the private data that the CPU is processing. Therefore, many secure computing architectures assume that the processor chip package is invulnerable to physical attacks.
</p-en>
<p-ch>
	在架构层面，我们无法解决针对CPU的芯片封装的物理攻击。对CPU的主动攻击会改变计算机的执行语义，使我们没有任何可以信任的硬件来做出安全决策。被动攻击可以读取CPU正在处理的私有数据。因此，许多安全计算架构都认为处理器芯片封装对物理攻击是无懈可击的。
</p-ch>
<p-en>
	Thankfully, physical attacks can be deterred by reducing the value that an attacker obtains by compromising an individual chip. As long as this value is below the cost of carrying out the physical attack, a system's designer can hope that the processor's chip package will not be targeted by the physical attacks.
</p-en>
<p-ch>
	值得庆幸的是，物理攻击可以通过降低攻击者通过入侵单个芯片获得的价值来阻止。只要这个价值低于进行物理攻击的成本，系统的设计者就可以希望处理器的芯片封装不会成为物理攻击的目标。
</p-ch>
<p-en>
	Architects can reduce the value of compromising an individual system by avoiding shared secrets, such as global encryption keys. Chip designers can increase the cost of a physical attack by not storing a platform's secrets in hardware that is vulnerable to destructive attacks, such as e-fuses.
</p-en>
<p-ch>
	架构师可以通过避免共享秘密（如全局加密密钥）来降低危害单个系统的价值。芯片设计者可以通过不将平台的秘密存储在容易受到破坏性攻击的硬件中，如电子引信，来增加物理攻击的成本。
</p-ch>
<section-title-en>3.4.4 Power Analysis Attacks</section-title-en>
<section-title-ch>3.4.4 电力分析攻击</section-title-ch>
<p-en>
	An entirely different approach to physical attacks consists of indirectly measuring the power consumption of a computer system or its components. The attacker takes advantage of a known correlation between power consumption and the computed data, and learns some property of the data from the observed power consumption.
</p-en>
<p-ch>
	一种完全不同的物理攻击方法是间接测量计算机系统或其部件的功耗。攻击者利用功耗与计算数据之间的已知相关性，从观察到的功耗中学习数据的某些属性。
</p-ch>
<p-en>
	The earliest power analysis attacks have directly measured the processor chip's power consumption. For example, [122] describes a simple power analysis (SPA) attack that exploits the correlation between the power consumed by a smart card chip's CPU and the type of instruction it executed, and learned a DSA key that the smart card was supposed to safeguard.
</p-en>
<p-ch>
	最早的功率分析攻击是直接测量处理器芯片的功耗。例如，[122]描述了一种简单的功率分析(SPA)攻击，利用智能卡芯片的CPU消耗的功率与其执行的指令类型之间的相关性，学习了智能卡应该保障的DSA密钥。
</p-ch>
<p-en>
	While direct power analysis attacks necessitate some equipment, their costs are dominated by the complexity of the analysis required to learn the desired information from the observed power trace which, in turn, is determined by the complexity of the processor's circuitry. Today's smart cards contain special circuitry [179] and use hardened algorithms [77] designed to frustrate power analysis attacks.
</p-en>
<p-ch>
	虽然直接的功率分析攻击需要一些设备，但其成本主要是由从观察到的功率跟踪中学习所需信息所需的分析的复杂性所决定的，而这种复杂性又是由处理器电路的复杂性所决定的。今天的智能卡包含特殊的电路[179]，并使用强化的算法[77]，旨在挫败功率分析攻击。
</p-ch>
<p-en>
	Recent work demonstrated successful power analysis attacks against full-blown out-of-order Intel processors using inexpensive off-the-shelf sensor equipment. [60] extracts an RSA key from GnuPG running on a laptop using a microphone that measures its acoustic emissions. [59] and [58] extract RSA keys from power analysisresistant implementations using a voltage meter and a radio. All these attacks can be performed quite easily by a disgruntled data center employee.
</p-en>
<p-ch>
	最近的工作表明，利用廉价的现成传感器设备，成功地对英特尔处理器进行了全面失序的功率分析攻击。[60]利用一个测量其声发射的麦克风从笔记本电脑上运行的GnuPG中提取RSA密钥。59]和[58]利用电压表和无线电从抗功率分析实现中提取RSA密钥。所有这些攻击都可以由一个心怀不满的数据中心员工很容易地执行。
</p-ch>
<p-en>
	Unfortunately, power analysis attacks can be extended to displays and human input devices, which cannot be secured in any reasonable manner. For example, [182] documented a very early attack that measures the radiation emitted by a CRT display's ion beam to reconstitute the image on a computer screen in a different room. [125] extended the attack to modern LCD displays. [201] used a directional microphone to measure the sound emitted by a keyboard and learn the password that its operator typed. [148] applied similar techniques to learn a user's input on a smartphone's on-screen keyboard, based on data from the device's accelerometer.
</p-en>
<p-ch>
	不幸的是，功率分析攻击可以扩展到显示器和人类输入设备，而这些设备无法以任何合理的方式进行安全保护。例如，[182]记录了一个非常早期的攻击，它测量CRT显示器的离子束发射的辐射，以重建不同房间的计算机屏幕上的图像。125]将攻击扩展到现代液晶显示器。201]使用定向麦克风测量键盘发出的声音，并学习其操作员输入的密码。[148]应用类似的技术，根据设备加速度计的数据，学习用户在智能手机屏幕键盘上的输入。
</p-ch>
<p-en>
	In general, power attacks cannot be addressed at the architectural level, as they rely on implementation details that are decided during the manufacturing process. Therefore, it is unsurprising that the secure computing architectures described in §4 do not protect against power analysis attacks.
</p-en>
<p-ch>
	一般来说，功率攻击无法在架构层面上解决，因为它们依赖于制造过程中决定的实现细节。因此，x4中描述的安全计算架构不能防止功率分析攻击是不足为奇的。
</p-ch>
	
</body>
</html>	